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MEMORANDUM FOR: Deputy Director for Administration 


STAT FROM 
Assistant for Information, DDA 


SUBJECT : Implementation of National Security Information 
Executive Order 


1. Our paper addressing the implementation of the yet-to-be signed 
Executive order which will replace E.0. 11652 is attached. It was pre- 


STAT ared b in close coordination with OGC, and STAT 
STAT Ep re Susan also talked with Executive STAT 
ecretary, SECOM. 
2. I believe that all essential steps have been covered, and 
suggest, if you concur in our proposals about who should do what, that 
we send copies of the outline to all those who are likely to be involved 


in the process. Action can then begin promptly once the order is sipned. 


STAT 


Attachment: a/s 
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IMPLEMENTATION OF EXECUTIVE ORDER FOR NATIONAL SECURITY INFORMATION 
(replacing E.O. 11652) 


1. INTRODUCTION 


a. The intent of this paper is to identify the issues which need 
to be resolved, and activities which need to be accomplished to imple- 
ment the new Executive order by 1 December 1978. The Executive order 
addresses the protection of National Security Information. This pro- 
tection can be divided into two elements: the actual classification of 
information; and the physical protection of the information, to include 
personnel security. We are identifying the classification process as a 
records management function and the safeguarding process as a security 
function. Categories of tasks necessary for implementation have been 
developed (detailed below) to be delegated to appropriate task forces 
and/or Agency components for completion (suggested assignments included). 
The policies and procedures to be developed must be consistent with the 
Implementing Directive for the new Executive order and any relevant DCI 
directives. 


b. This paper assumes that the DDA will be designated the Agency 
official to ensure compliance with the new E.0., as was the case in 1972 
when E.0. 11652 was issued. It was developed by using the 9 May draft 
of the proposed Executive order. The DCI has sent a letter to the 
General Counsel, OMB, addressing an exemption from the 20-year systematic 
review requirement for information dealing with human sources. If this 
exemption is granted, additional procedures for handling this category 
of information will need to be developed. 


c. This paper also assumes that the Information Review Committee 
(IRC) Working Group will address the major policy issues and provide 
recommendations to the IRC for its implementation decisions. 


2. MANAGEMENT OF ON-GOING INFORMATION SECURITY PROGRAM 
a. Specific Tasks: 


(1) Designate Agency representative to Interagency Information 
Security Committee. {ss STAT 


(2) Designate a senior Agency official to chair a committee with 
authority to act on all suggestions and complaints with re- 
WHY Kat US spect to the Agency's administration of the information 


security program. __ ae 
in BURKE. 
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(3) Designate a senior Agency official to conduct an active 
oversight program to ensure effective implementation of 
this Order. Specifically, this official would: 


(a) Manage the implementation of the Executive order. 


(b) Submit to the Information Security Oversight Organ- 
ization (ISOO) copies of all regulations and guide- 
lines for systematic review, developed by those 
responsible for that task, adopted pursuant the E.0. 

and implementing directives. Subsequent changes 
shall also be forwarded. 


(c) Prepare reports to ISOO as Director, ISOO finds 
necessary. 


(d) Manage process to decide appeals arising from denials 
of declassification requests, and amend as necessary 
to conform with the new E.0. The procedures for this 
will be developed under the auspices of general declas- 
sification tasks. 


= PRS (e) Develop, to extent practicable, and publish in Federal 


Register, individual regulations implementing the 1:-0: 


b. Suggested Action Responsibility: 
(1) The existing Information Review Committee, chaired by the 
DDA, meets the requirements of Specific Task (2). 
(2) The designations of officials for tasks (1) and (3) are 
under the purview of the DDA. 
SAFEGUARDS 
a. Safeguarding is not addressed in detail in the draft Executive 
order. It is expected that the Implementing Directive will 
address document control inventories, protection of information, 
transmission of information, etc. 
b. Specific Tasks: 
(1) Develop and manage physical security systems as required. 
(2) Develop procedures for the review and approval of CIA 
special access systems. 
c. Suggested Action Responsibility: Office of Security 
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Pies 4. REGULATIONS 


The following regulatory issuances are affected by the new 
Executive order: 


(1) HR [____]dated 11 February 1975 incorporates the Agency's 


SE Comment - NEED Fer 


Roms wT. use enuf 
¥oppaciwers USE ey 


exnmineo © 
STA BAoue 8 TN 


STAT oF Geis 
so ‘ ee 


ee 
Fs 


STAT ® (5 
, gre, | ) 


ee 


et aa 


basic implementation of the Freedom of Information Act 
and Executive Order 11652. 


HR dated 21 April 1976 covers dissemination controls Sf¢. Cum 
on foreign intelligence information. It incorporates the Wue HANDLE 
provisions of DCID 1/7 and provides for the additional pye-zeny TAKEM 


markings CIA INTERNAL USE ONLY, ADMINISTRATIVE- INTERNAL 
USE ONLY, and FOR OFFICIAL USE ONLY. 


clesery 
(3) HN [J datea 24 May 1977 implements the paragraph mark- 


ing provision of E.0. 11652. 


HRE™~—“C™CSCSCCCCCC# Cover additional aspects off access 
_to and release of information, while HR ees rr 
safeguarding provisions that relate to E.0. 11652 require- 
ments. 


HR[-___Jand HRL__]cover the classification/declassifica- 
tion of National Security Information program. HHB 

dated 23 August 1977 covers handling and processing pro- 
cedures for FOIA, Privacy Act, and E.O. 11652 requests. 


Specific Tasks: 


(1) 


(2) 


(3) 


Establish responsibility for Agency regulatory issuances 
governing classification of information. 


Revise Agency regulations to implement the new Executive 
order. 


Review other pertinent regulations as to appropriate changes 
required under the new Executive order. 


Suggested Action Responsibility: 


(1) 


Decision as to component with regulations responsibility: 
DDA. ISAS ang. OS to prepare suggestions (options) as to 
what information should appear in the regulations and 
where and what information should be included in a Head- 
quarters handbook on classification. Informal discussion 
to date has covered the following: 
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(a) The 10 Series regulations generally fal] under the 
purview of the Office of Security, although HN[_] 
was prepared in the office of the AI/DDA. The 
[ ]Series regulations generally fall under the purview 
of the AI/DDA -- in particular the Information Systems 
Analysis Staff and the Information and Privacy Staff. 


(b) It has been informally discussed in the general process 


of updating all Agency regulatory issuances that regu- 
lations covering classification and relcase of informa- 
tion be in the [_]Series (e.g., UHB [____] and that 
regulations covering physical, personnel, and computer 
security continue to be in the Series. 


(c) In addition there are about 40 references throughout 
the Agency regulations relating to use of special 
sensitivity markings as well as the ones specified in 
HR [_____Jand HR It might be appropriate to 
address the whole question of document markings on 
unclassified as well as classified information at some 
stage of the regulations update. 


Review other regulations as to determine appropriate revi- 
sions: JSAS. 


Draft revised regulations: ISAS, OS, and OGC. 
Coordinate regulations and present for approval: ISAS/RCB. 
Coordinate compatibility of Agency regulatory provisions 


with Community requirements, particularly in the area of 
document markings: ISAS and SECOM. 


5. ORIGINAL CLASSIFICATION AUTHORITY 


a. Delegations of Authority: 


(1) 


(2) 


(3) 


Develop recommendations for officers (positions) to be 
delegated (by DCI) original TOP SECRET classification 
authority. 


Develop recommendations for officers (positions) to be 
delegated (by DCI) original SECRET classification authority. 


Develop recommendations for officers (positions) to be 
delegated (by DCI) original CONFIDENTIAL classification 
authority. 


Approved For Release 2006/04/19 4 CIA-RDP86-00674R000300090006-2 


Atmypistraivg ~ fatarnal Hep Rate 


STAT 


STAT 


STAT 


STAT 


eomeonme, 


RAG 


a. 


wg 
at tip 


cimapaualivea « Infornal Hen Auiv 
Approved ForQplease 2006/04/19 : CIA-RDP86-006748)00300090006-2 


(4) Develop policy to be followed by those officers who have 
TOP SECRET classification authority to delegate SECRET 
and CONFIDENTIAL classification authority. 


(5) Develop procedures to implement policy developed in (4). 
Review existing procedures for the management of classification 
authorizations and amend as necessary to make them consistent 


with the new Executive order. Procedures should cover: 


(1) Notification of delegation of authority/rescission of 
authority. , 


(2) Maintenance of central record of present and past authori- 
zations (as to position assignment). 


Suggested Action Responsibility: 


(1) Recommendations for DCI delegation of authority: LSAS/BAB. 
develop procedures, for review by IRC Working Group, whereby 
IRC members and the O/DCI (including PAO, OLC, OGC, O/Compt, 
ICS, and EEQ) make the recommendations. 


(2) Procedures to manage the delegation (a(5) and b) of author- 
ity: ISAS/RAB, with Office of Personnel, develop procedures 
for review by IRC Working Group. 


6. CLASSIFICATION GUIDELINES 


The Executive order states that "Original classification author- 
ity shall not be given to persons who only reproduce, extract or 
summarize classified information or who only apply classified 
markings derived from source material or as directed by a clas- 
sification guide.'' Several policy issues are apparent: 


(1) Require policy as to when to use classification markings 
applied to source documents and when to use a classifica- 
tion guideline. 


(2) Require policy as to the development of Agency-wide 
; guidelines, or directorate-developed guidelines, or 
an organizational mix of guidelines. 


(3) Require policy as to who can use derivative classification. 
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ISAS/RAB is drafting classification guidelines from the 
declassification guidelines, now in effect for 30-year ; 
systematic review, to provide a starting place for discussion 
of guidelines and their use. Some concerns: 

(1) Guidelines can be classified documents themselves. 

(2) <A guideline can never be superseded. Each one published 
must be retrievable, along with originating classifier 
information and mandatory review date. 

Specific Tasks: 


(1) Develop procedure for the development, review, approvel, 
and dissemination of guidelines. 


(2) Develop puceadund for the operational usage of guidelines. 
Suggested Action Responsibility: 


(1) IRC Working Group be tasked to recommend policy as to use 
and development of guidelines. 


(2) Development of guideline management procedure to be tasked 
to ISAS; or alternatively, OS. 


DECLASSIFICATION REVIEW 


a. 


Systematic Review Tasks: 

(1) Identify specific categories of documents or information 
which require requests to Director, ISOO for extending 
period for subsequent reviews. 


(2) Develop, issue, and maintain guidelines for 20-year review. 


(3) Review and approve DOD procedures for cryptologic informa- 
tion with respect to sources and methods (for DCI approval). 


Mandatory Review Tasks: 


(1) Develop Agency procedures for the declassification of docu- 
ments under mandatory review (FOI/PA requests are included). 


(2) Downgrading: develop procedure to notify holders of infor- 
mation when downgrading is not automatic. 
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c. General Tasks: 


C1) 


(2) 


(3) 


Develop facility to which all declassification actions are 
reported and recorded. 


Recommend process to decide appeals from denials of declas- 
sification process. 


Coordinate procedures with SECM. 


d. Suggested Action Responsibility: 


oars (1) 


(2) 


(3) 


a (4) 


reg atas 8. MARKINGS 


Systematic Review items: ‘Task force made up of directorate 
representatives and chaired by ISAS/RRB, to develop items 
for IRC Working Group review and approval. 


Mandatory Review: Task force made up of representatives 
from OGC, PAO, DDO, OS, IPS and ISAS to make recommenda-~ 
tions to IRC Working Group. et 


Central reporting facility: Task force made up of repre- 
sentatives of OGC, IPS, chairman of Mandatory Review task 


op emrenee 


Develop procedures to decide appeals of declassification 
process: ISAS for IRC Working Group approval. ' 


a. Policy Issues: 


(1) 


(2) 


Agency-wide policy needs to be developed as to the marking 
of classified portions of documents with the appropriate 
classification designations. 


Related to portional marking is the determination of 
specific classes of documents or information for which the 
Agency might form a request to Director, Information Security 
Oversight Office, for a waiver from the markings of portions 
requirement. 


b. Specific Tasks: 


(1) 


Develop authorized markings: 


(a) Develop markings required under new E.0. (including 
computer-generated output and electrical messages). 
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(b) Develop marking guidelines for Agency dissemination 
controls and special access systems. (Requirements 
for SCI material will come from SECM.) 

(c) Develop markings for reproduction prohibitions. ~ 


(d) Develop markings for declassification. 


(2) Order appropriate numbers of the necessary rubber stamps 
and make generally available. 


c. Suggested Action Responsibility: 

(1) A Marking task force (with Agency-wide representation and 
chaired by JSAS) be appointed to develop and recommend to 
the IRC: (1) policy for marking of portions, and (2) the 
Classes of documents and information for which a request. 
from a waiver from the portional marking requirement can 
be made. 

(2) Development of authorized markings: ISAS with OS/ISSG and 
OC, develop markings to be coordinated with the Marking 
task force for recommendation to the IRC for approval. 

(3) ISAS for item b(2). 

TRAINING 
a. Determine requirements for training programs to be developed 
and given by OTR. 

(1) Indoctrination of operating officials. - 

(2) Indoctrination of clerical employees. 

(3) Presentation for on-going new employees indoctrination. 

b. 


Suggested Action Responsibility: ee determine and then 
coordinate training requirements wit personnel . 
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